The GDPR

The introduction of the GDPR is causing me challenges.

Most people in my company have some idea about what personally identifiable information they have and why, but the new regulations will introduce a level of corporate responsibility that they’ve not previously had to live up to.

We’re working to understand the changes so we can ensure we’re compliant by next May.

Jack

Compliance Manager

What is the GDPR?

The General Data Protection Regulation (‘the GDPR’) is a new piece of EU legislation that, from May 25th 2018, changes the way organisations of any shape or size interact with information that can personally identify individuals. At the point the regulation goes live, the way an organisation collects, stores, processes and secures Personally Identifiable Information (‘PII’) must change forever.

Focused on ensuring that PII is at all times held securely for valid reasons only, the GDPR will, in many cases, require a revolution in the way your organisation regards data, with significant legal and financial penalties at stake for failure to comply or breaches of data handling policies.

Built around a number of fundamental principles, the GDPR introduces what will be, in many cases, an entirely new set of data and information management challenges for all organisations – regardless of their size, geographic location or the nature of their business.

Designed to protect the privacy and rights of individuals, as opposed to those of businesses and organisations, the GDPR has the potential to be both disruptive (for those having to comply) and genuinely beneficial (for those that may benefit from the opportunity to have ‘wrongs righted’), making it a regulation that is both controversial and welcomed at the same time.

The 6 Principles of the GDPR



Transparent Handling

All data must be processed in accordance with published principles and be available to a legitimate requester within 72 hours



Legitimate Use

You can only hold PII with permission and for agreed usage only



Limited Collection & Storage

It’s necessary to ensure that your data collection is explicit and articulated



Right to Correct & Remove

Information about an individual has to be corrected if the individual deems it wrong, or removed if they request it



Time Constraint

Information can only be held for an appropriate length of time commensurate with its purpose



Appropriately Secure

PII must be held securely and with access granted only to those deemed necessary

So what does the GDPR mean for you?

Work. It really is that simple. You need to assess your current position, implement change to bring yourself to a compliant state and implement processes to maintain compliance and deal with issues.

It can be seen by even the casual observer that the obligation placed on an organisation making use of PII will significantly increase once the GDPR comes into effect in 2018.

If you gather, store, process or otherwise interact with PII for residents of the EU – regardless of where you are homed as an organisation – then you will need to comply with, and abide by, the regulation.

So how can extaCloud help?

We’ve been in and around the information management space for a while now. We’re up to our eyeballs in helping customers leverage information to improve their bottom line so we have a real understanding of how organisations of all shapes and sizes use information.

We work pretty hard to ensure that we understand the challenges associated with the GDPR. We have racked up dozens of projects over the last year or so where we have been helping customers better understand their obligations under the GDPR and how to leverage the technologies that they have to improve their compliance position.

Our deep-rooted knowledge of Microsoft technologies, including SharePoint, Exchange, Office 365 and Azure, provides us with capability that we are bringing to customers in the form of both consulting and managed services.

Take a look below at some of the services that we offer around the GDPR.

Already have a project running for the GDPR? We’ll give you our view on how you’re doing.

Still confused?

Rest assured, you are not alone. Many organisations of all shapes, sizes and types are thoroughly confused by the GDPR and what it means to them. We’re expecting the confusion to reign supreme for the foreseeable future.

How about this. Drop us a line. We’re offering free initial consultations to organisations interested in learning more about the GDPR, what you need to be doing to prepare and how extaCloud would be able to help if you need it.

Fill in the form below and we’ll get back to you and set something up. No pressure. No fuss. Nice and simple.